  • Arthur Klepchukov, almost 3 years ago

    I strongly resist this approach. Why make it harder for public computer users to practice better security? This would force them to tick a "Log me out after my session" checkbox that's presumably unchecked by default. This is punishing them for the minor inconvenience of checking "Remember me" on personal computers. So the new default is personal computer users have a minor inconvenience removed while public computer users get less security. Forgetting to check an authentication option shouldn't leave you more exposed; it should just ask you to authenticate again. That's exactly why "Remember me" isn't the default; usability shouldn't compromise security.

    And if we assume casual users are confused by "remember me," do we really think "after my session" is an improvement? What's a session? When is after? Who decides one ends?

